Windows Hello & U2F security token
1,221 views
Skip to first unread message
FIDO research
Aug 4, 2016, 1:15:52 AM8/4/16
to FIDO Dev (fido-dev)
Dear all,
I would like to ask you all how we can logon Windows 10 with U2F security token such as YubiKeys tied to the Windows Hello (or Windows PIN)?
Thanks!
Fred Le Tamanoir
Aug 5, 2016, 9:15:38 AM8/5/16
to FIDO research, FIDO Dev (fido-dev)
No, you can't.
There is no link between FIDO U2F and Microsoft Hello.
--
There is no link between FIDO U2F and Microsoft Hello.
--
Frederic MARTIN
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/79c4c121-7b7d-4ab7-929d-acdf04edf5b8%40fidoalliance.org.
YubiOn YubiKey
Aug 5, 2016, 9:22:54 AM8/5/16
to Fred Le Tamanoir, FIDO Dev (fido-dev)
Hi Frederic,
Really? I thought those companion devices could be U2F devices.
https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/extending-the-capabilities-of-windows-hello/Thanks,
2016-08-05 22:15 GMT+09:00 Fred Le Tamanoir <fredlet...@gmail.com>:
No, you can't.
There is no link between FIDO U2F and Microsoft Hello.
--Frederic MARTIN
On Thu, Aug 4, 2016 at 7:15 AM, FIDO research <yubikeyy...@gmail.com> wrote:
Dear all,I would like to ask you all how we can logon Windows 10 with U2F security token such as YubiKeys tied to the Windows Hello (or Windows PIN)?Thanks!
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+unsubscribe@fidoalliance.org.
Ackermann Yuriy
Aug 5, 2016, 9:26:48 AM8/5/16
to YubiOn YubiKey, Fred Le Tamanoir, FIDO Dev (fido-dev)
It is actually most likely true. They were working on implementing FIDO2.0, what is standardised API for FIDO authenticators. So it should be working theoretically, but I can not confirm it. Maybe test it your self? *)
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAGE4F62QVos71uTOYLebt4gEDX3MCc56fmO7tdXUSONUTUmrzQ%40mail.gmail.com.
Fred Le Tamanoir
Aug 5, 2016, 11:18:01 AM8/5/16
to Ackermann Yuriy, YubiOn YubiKey, FIDO Dev (fido-dev)
Yeah, really. Microsoft decided to skip FIDO U2F support because... let's say "because Microsoft". 😖
FIDO WebAuthN was wrongly called FIDO 2.0 before but not anymore (there is no such thing as FIDO 2.0 anymore, please stop using that)
Inside their new web browser Microsoft Edge, Windows Hello can be mixed with another future FIDO "standard" called FIDO "Web Authentication", also called WebAuthN.
Whatever, nobody cares about Microsoft browsers anymore : http://gs.statcounter.com/#desktop-browser-ww-monthly-201601-201607 😄
FIDO WebAuthN was wrongly called FIDO 2.0 before but not anymore (there is no such thing as FIDO 2.0 anymore, please stop using that)
FIDO WebAuthN final specifications will be available soon but drafts are clear : it is/will not be compatible with FIDO U2F or UAF. No doubt or discussion at all. No compatibility.
I hope it is more clear now 😕
On Fri, Aug 5, 2016 at 3:26 PM, Ackermann Yuriy <ackerma...@gmail.com> wrote:
It is actually most likely true. They were working on implementing FIDO2.0, what is standardised API for FIDO authenticators. So it should be working theoretically, but I can not confirm it. Maybe test it your self? *)
Ackermann Yuriy
Developer
e: ackerma...@gmail.com
g: @herrjemand
w: https://jeman.de/
2016-08-06 1:22 GMT+12:00 YubiOn YubiKey <yubikeyy...@gmail.com>:
Hi Frederic,Really? I thought those companion devices could be U2F devices.https://blogs.technet.microsoft.com/windowsitpro/2016/06/29/extending-the-capabilities-of-windows-hello/Thanks,
2016-08-05 22:15 GMT+09:00 Fred Le Tamanoir <fredlet...@gmail.com>:
No, you can't.
There is no link between FIDO U2F and Microsoft Hello.
--Frederic MARTIN
On Thu, Aug 4, 2016 at 7:15 AM, FIDO research <yubikeyy...@gmail.com> wrote:
Dear all,I would like to ask you all how we can logon Windows 10 with U2F security token such as YubiKeys tied to the Windows Hello (or Windows PIN)?Thanks!
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/79c4c121-7b7d-4ab7-929d-acdf04edf5b8%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
Ackermann Yuriy
Aug 5, 2016, 10:33:04 PM8/5/16
to Fred Le Tamanoir, fido...@fidoalliance.org
Am. Thats not correct. Fido2.0(webauthn is too long) is a standardised API for working with fido protocols on the web. Microsoft said before that their prioritie is fido2.0 support. On thursday we had fido specification webinar. They had a good explanation on why they decided to do fido2.0 so I advice to watch it on youtube
6 авг. 2016 г. 3:18 AM пользователь "Fred Le Tamanoir" <fredlet...@gmail.com> написал:
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+unsubscribe@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/79c4c121-7b7d-4ab7-929d-acdf04edf5b8%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+unsubscribe@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAGE4F62QVos71uTOYLebt4gEDX3MCc56fmO7tdXUSONUTUmrzQ%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+unsubscribe@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CAEg85Vywip6_pWNMR2QX67NnEuH86YJ%2BJNLHnAfb%2BbG0r_eUDA%40mail.gmail.com.
Fred Le Tamanoir
Aug 6, 2016, 11:42:53 AM8/6/16
to Ackermann Yuriy, FIDO Dev (fido-dev)
"Ackermann Yuriy: Am. Thats not correct."
- What is not correct ? Perhaps I misunderstood a point somewhere, please explain. Thanx.
- I am sure that FIDO 2.0 or WebAuthn (whatever we call it) will not be compatible with FIDO U2F if you have other info please share.
- By the way, my previous statement was a bit too categorical: WebAuthN is the name for W3C, perhaps some FIDO members continue to call it FIDO 2.0 inside FIDO Alliance
- Latest draft is/will be always available here : https://www.w3.org/TR/webauthn/
- Latest news and minutes are here : https://www.w3.org/blog/webauthn/
- Windows Hello is/will be compatible with FIDO 2.0 / WebAuthN only. There is no way to use U2F with Hello.
"Ackermann Yuriy: Microsoft said before that their priority is fido2.0 support"
- That's what I said too.
- Regarding FIDO U2F: Chrome desktop and Chrome mobile are compatible with FIDO U2F (Opera Desktop next release too). Firefox is compatible with U2F too (through an extension, soon it will be built-in). IE and Edge are not (won't be).
"Ackermann Yuriy: On thursday we had fido specification webinar. They had a good explanation on why they decided to do fido2.0 so I advice to watch it on youtube"
- You probably mean that one : https://www.youtube.com/watch?v=CeFjQaFoTwg
- They clearly explained how and why they decide to bring it to W3C through "Web Authentication"
- They did not say it will be compatible with U2F.
- Did I miss something else ?
- Did I miss something else ?
(Remember the original post was about a possible link between Windows 10 / Windows Hello and U2F)
--
Fred
Ackermann Yuriy
Aug 7, 2016, 12:32:12 PM8/7/16
to Fred Le Tamanoir, FIDO Dev (fido-dev)
"...Windows 10 Hello authentication system, which accepts a number of strong authentication types including U2F authenticators."
https://www.yubico.com/2016/07/over-a-dozen-services-supporting-fido-u2f/Yuipikayey
Fred Le Tamanoir
Aug 8, 2016, 4:24:52 AM8/8/16
to Ackermann Yuriy, FIDO Dev (fido-dev)
Wow thanx for the info. That could be nice. So it would probably mean that FIDO 2.0 is still NOT compatible with U2F but that Hello knows how to deal with U2F... strange, but I do like the news it is true. I don't see much information about it anywhere else but I will simply give a try by myself, now that the RS1 Anniversary update is out...
Fred Le Tamanoir
Aug 8, 2016, 5:34:55 AM8/8/16
to Ackermann Yuriy, FIDO Dev (fido-dev)
ok, tested and until proven otherwise, it is not true.
NO, WINDOWS 10 HELLO IS STILL NOT COMPATIBLE WITH U2F.
Case closed until we quit the vaporware world.
Ackermann Yuriy
Sep 27, 2016, 5:08:15 PM9/27/16
to FIDO Dev (fido-dev)
Now I am soooooo confused...
Ackermann Yuriy
Sep 27, 2016, 5:46:37 PM9/27/16
to FIDO Dev (fido-dev)
... The app will be available soon in the Windows Store. ...
Ackermann Yuriy
Sep 27, 2016, 6:13:07 PM9/27/16
to John Fontana, FIDO Dev (fido-dev)
Thanks John, for clarifilying.
28 сент. 2016 г. 11:05 AM пользователь "John Fontana" <jfon...@yubico.com> написал:
Yuriy,That is correct. Part of Windows Hello Companion Device Framework
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CALRyZMo5OxmAwTCWX0Cqvz%2BW2%2BE-%2Bum_aZXa7jW15ZmdHCDF%3DA%40mail.gmail.com.
--John Fontana
Identity Evangelist | Yubico
Phone: +1 303 301 4437
Skype: j_fontana
Fred Le Tamanoir
Jan 13, 2017, 7:09:35 AM1/13/17
to FIDO Dev (fido-dev), jfon...@yubico.com
And as far as I know... this app has still nothing to do with FIDO U2F. (facepalm)
Can we please stop spreading confusion, this is FIDO Alliance forum here.
Thanks John, for clarifilying.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/79c4c121-7b7d-4ab7-929d-acdf04edf5b8%40fidoalliance.org.
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To post to this group, send email to fido...@fidoalliance.org.
Visit this group at https://groups.google.com/a/fidoalliance.org/group/fido-dev/.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/CALRyZMo5OxmAwTCWX0Cqvz%2BW2%2BE-%2Bum_aZXa7jW15ZmdHCDF%3DA%40mail.gmail.com.
Jean-Raphaël Dion
Oct 23, 2017, 3:17:05 PM10/23/17
to FIDO Dev (fido-dev), yubikeyy...@gmail.com
HEYYYY U2F works only if you have a computer with a windows LOCAL account.... if you connect with you hotmail or whatever other mail thats not working
Reply all
Reply to author
Forward
0 new messages